Friday, January 26, 2007

Now they change their procedures...

http://the.honoluluadvertiser.com/article/2007/Jan/25/br/br0713982546.html

Updated at 8:56 p.m., Thursday, January 25, 2007

State employee investigated in ID theft case

Up to 11,500 current and former clients of the Wahiawa Women, Infants and Children program are being notified that their personal information may have been compromised after the discovery of an ID theft case.

The Department of Health has put an employee of the WIC office on administrative leave and is investigating the security breach.

At least three families have had their information used illegally and the state is looking into at least two more cases.

"We are encouraging people to go and check their credit ratings and be on the lookout for any kind of suspicious activity," said Health Director Chiyome Fukino, M.D.

The department is recommending that all clients place a fraud alert on their credit files and notify the police of any suspicious credit activity, such as new cards or unauthorized charges.

Fukino said that the WIC program will no longer use Social Security numbers in its database to protect against future incidents. [“Up to now, we haven't given it a thought.” Bob]



Two questions. 1) Since it seems these “errors” are being detected and reported over the Internet all the time, can we assume they are “obvious?” 2) How many are not being reported because the first person to detect them simply took the data?

http://www.thecnj.co.uk/camden/012507/news012507_06.html

Camden New Journal - by PAUL KEILTHY Published: 25 January 2007

Customer details in bank bin bags left out in street

BARCLAYS Bank left the account details of customers in bin bags lying overnight in one of London’s busiest streets and tried to cover up when a New Journal investigation revealed the lapse.

When questioned on Friday, a spokesman for the banking giant repeatedly denied it left bin bags containing paying-in slips, statement details and bank questionnaires in Tottenham Court Road in 2006.

But the evidence, seen by the New Journal, had already been disclosed at Highbury Corner Magistrates’ Court on Thursday, when the bank admitted litter charges brought by Camden Council and was ordered to pay £1,650 in fines and costs.

The chairwoman of magistrates hearing the case was passed photographs taken as evidence by Camden Council enforcement officers, including pictures of the contents of the bags. Sandra Forsyth JP remarked: “These appear to have account details on.” Stuart Hammill, the lawyer acting for the council, agreed, before pointing out that the bags’ contents were not relevant to the offence.

One of the photographs submitted as an exhibit showed a full bag of papers, on top of which is a completed paying-in-slip which appeared to have been crumpled up. Others showed what appeared to be completed questionnaires containing personal details of customers, and print-out statements recording transactions from a bank account.

But asked about the contents of the bags, a Barclays spokesman said: “To the best of our knowledge the evidence presented at court did not contain any of those items.” He added: “The paying-in slip was just a blank paying-in slip. (It) was devoid of information.”

A Barclays statement said: “Additional steps have been implemented to seek to prevent a recurrence. We would emphasise the security of customers’ money and confidential information is the highest priority.”

The council declined to release the pictures. A spokesman said: “Our legal department have advised we cannot release the photographs used in court due to data protection issues arising from some confidential information being visible in the pictures.”

Barclays pleaded guilty to three counts of leaving rubbish in bin bags outside its Tottenham Court Road branch in February and March last year. “The bank very properly and promptly changed the system when the problem came to light,” its lawyer told the court.



So, that makes everything okay?

http://seattletimes.nwsource.com/html/businesstechnology/2003541873_bizbriefs26.html

Stolen Boeing laptop is recovered

A stolen Boeing laptop containing personal information on 382,000 workers and retirees has been recovered.

In an e-mail to employees, Senior Vice President Rick Stephens said Boeing and a third-party computer-security consultant had confirmed that the files with personally identifiable information were not accessed after the theft. [I would be most curious to know how they determined this... They must be very, VERY sure to make such an absolute statement. Bob]

Stephens said Boeing will still honor its commitment to pay for three years of credit monitoring for any employees whose information was on the computer.

The employee responsible for the laptop was fired soon after it was lost in December.



Here is the kind of advice TJX should be getting! (Tylenol is still the classic MBA case study.)

http://www.boston.com/business/globe/articles/2007/01/26/elephants_dont_dance/

Elephants don't dance

By Steve Bailey, Globe Columnist January 26, 2007

TJX is no Johnson & Johnson. And right now Ben Cammarata is looking like no James Burke.

A quarter of a century later, the bold decision by Burke, then chairman of Johnson & Johnson, to pull 31 million bottles of Tylenol capsules off the shelves remains the gold standard in corporate crisis-management. Seven people died from Tylenol laced with cyanide, and the Madison Avenue crowd was saying one of the world's best brands would never recover.

Burke succeeded by putting the customer first. Going against the advice of government agents and his own executives, Burke ordered a massive recall, which cost the company $50 million after taxes. Rather than hunkering down, Burke went on "60 Minutes" to explain what happened and dedicated the firm to the investigation. When Tylenol returned to the stores, it was in new triple-sealed packages and J&J gave away 80 million $2.50 coupons redeemable toward any Tylenol product.

The result: Tylenol regained more than 80 percent of its market share within a year. You'll find it in my medicine cabinet today.

The crisis that has engulfed TJX is not about life and death. But it is about consumer trust. This is retailing we're talking about, the most Darwinian of businesses, where only the strongest survive. If I can't trust the Marshalls brand, why not go to Target?

Millions of credit and debit cards may have been exposed by a security breach at Framingham-based TJX in what could become the nation's largest case of stolen consumer data. In the first line of its first public disclosure about the breach, TJX said it was "victimized by computer systems intrusion." Wrong. It is TJX's customers who were victimized by the criminals and TJX itself.

There is plenty of blame to go around. It is not news that identity theft and credit card fraud are problems, but government -- federal and state -- has been slow to act. The credit card companies and the banks have been noisy in pointing the finger at TJX -- no small irony from an industry that stuffs our mailboxes every day with yet another low-low credit offer.

But this particular problem belongs first to TJX. It was TJX that left a window open and let the bad guys sneak in and make off with its customers' credit data. What about it, Ben Cammarata? Did you wait a month to tell your customers because the cops asked you to or because you were in the middle of the Christmas selling season? Why are you still "considering" whether to offer free credit monitoring to customers? Why have customers who had their license numbers stolen not gotten so much as a letter from you?

Debra Gibbons of Needham, a long-time TJX shopper, wants to know. She got a call from her credit card company saying her account was on fraud alert. Said Gibbons: "To close the account or not to close the account, that was the question. I closed the account . . . TJX owes the public something more than lip service. We want answers and we want them now."

Cammarata is a world-class retailer who preaches the value of "sweaty palms" -- that is, always sweating the suppliers until the last minute for the best prices. But as a leader amid one of the company's worst crises, he has been invisible. If TJX were a different kind of company and Cammarata a different kind of leader, company and chairman could become the champion for the need to do something about identity theft and credit card theft. But then elephants don't break dance, either.

Now it is TJX's customers doing the sweating. Repeat after me, Chairman Cammarata: The victim is the customer, not the company. The victim is the customer, not the company. If TJX takes care of its customers, the customers will take care of TJX. If not, there is always Target.



A solution for TJX-like companies? (Their customers, actually.)

http://news.com.com/IBM+donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.html

IBM donates new privacy tool to open-source

By Joris Evers Story last modified Fri Jan 26 05:57:34 PST 2007

IBM has developed software designed to let people keep personal information secret when doing business online and donated it to the Higgins open-source project.

The software, called "Identity Mixer," was developed by IBM researchers. The idea is that people provide encrypted digital credentials issued by trusted parties like a bank or government agency when transacting online, instead of sharing credit card or other details in plain text, Anthony Nadalin, IBM's chief security architect, said in an interview.

"Today you traditionally give away all of your information to the man in the middle and you don't know what they do with it," Nadalin said. "With Identity Mixer you create a pseudonym that you hand over."

For example, when making a purchase online, buyers would provide an encrypted credential issued by their credit card company instead of actual credit card details. The online store can't access the credential, but passes it on to the credit card issuer, which can verify it and make sure the retailer gets paid.

"This limits the liability that the storefront has, because they don't have that credit card information anymore," Nadalin said. "All you hear about is stores getting hacked." [Only the ones who eventually detect it... Bob]

... To get Identity Mixer out of the lab and into the real world, IBM is donating its work to the Higgins project, a broad, open-source effort backed by IBM and Novell that promises to give people more control of their personal data when doing business online. Higgins also aims to make the multiple authentication systems on the Net work together, making it easier for people to manage Internet logins and passwords.



Guess where the National Hazardous Waste repository will be located?

http://digg.com/politics/Maine_Rejects_National_ID_Cards

Maine Rejects National ID Cards

State's legislature overwhelmingly opposes act requiring national digital ID cards, putting Bush administration in a pickle.

http://news.com.com/2100-7348_3-6153532.html?tag=nefd.top

[From the article:]

Both chambers of the Maine legislature approved a resolution saying the state flatly "refuses" to force its citizens to use driver's licenses that comply with digital ID standards, which were established under the 2005 Real ID Act. It asks the U.S. Congress to repeal the law.



Antitrust?

http://apple.slashdot.org/article.pl?sid=07/01/25/2341240&from=rss

Norway Outlaws iTunes

Posted by CowboyNeal on Thursday January 25, @09:37PM from the run-out-of-town dept.

haddieman notes that while many people are getting more and more annoyed at DRM, Norway actually did something about it. The PC World article explains: "Good intentions, questionable execution. European legislators have been giving DRM considerable attention for a while, but Norway has actually gone so far as to declare that Apple's iTunes store is illegal under Norwegian law. The crux of the issue is that the Fairplay DRM that is at the heart of the iTunes/iPod universe doesn't work with anything else, meaning that if you want access to the vast iTunes library, you have to buy an iPod."



Meta-surveillance? Quis Custodiet Custodes Ipsos?

http://techdirt.com/articles/20070125/115810.shtml

Scotland Mulls Surveillance Cameras To Prevent Anti-Surveillance Camera Vandalism

from the endless-loop dept

As surveillance and speed cameras become ubiquitous in society, instances of vandalism against the cameras are becoming increasingly common. In Scotland, it's apparently gotten so bad that the government is considering the brilliant solution of installing cameras that watch the other cameras (via Hit & Run), for the sole purpose of detecting vandalism. Of course, we probably don't even need to mention the obvious issue with this plan: won't they need yet another camera to watch over these cameras?



What impact on Business Continuity? What recourse do they have?

http://techdirt.com/articles/20070125/102430.shtml

MySpace And GoDaddy Shut Down Huge Archive Of Security Mailing Lists

from the silly-companies dept

Rich Kulawiec writes in to point out that Seclists.org, a site that archives various security-related discussion email lists (and run by Fyodor, author of nmap, and generally well-known within the security realm) was yanked offline completely yesterday thanks to a bogus complaint from MySpace to the registrar/hosting company Fyodor used, GoDaddy. It seems that MySpace was freaking out that yet another big list of MySpace usernames and passwords had leaked (and spread all over the net). So, they went into damage control mode. A few copies of the MySpace list had been mailed to one of the security mailing lists archived as Seclists, and rather than simply asking that they be removed, MySpace went straight to the hosting company to get the entire domain turned off -- which GoDaddy did without question (or giving Fyodor a chance to appeal). In other words, they shut down a huge domain full of useful information that was used by a lot of people, over one complaint on some information that is widely available all over the internet. Fyodor also notes that these types of bogus requests to hosting companies and registrars are only increasing lately. It seems like there may be an opportunity for a registrar hosting company to advertise that they don't wilt at the first sign of legal language, and at least give their customers a chance to respond.



A tool for new students? Do you think the administration will freak?

http://googleblog.blogspot.com/2007/01/show-us-your-university-campus-in-3d.html

Show us your university campus in 3D

1/25/2007 09:34:00 AM Posted by Allyson McDuffie, Google SketchUp Education Program Coordinator

Today the Build Your Campus in 3D Competition begins. This spring, you and your (presumably equally artistic) friends can honor your campus turf as you hone your 3D design skills just by modeling your school's campus buildings in Google SketchUp, geo-reference them in Google Earth, and submit them through the competition website to earn lasting online glory. And the winners get a visit to Google, all expenses paid.



We already know that more people vote for the next American Idol than vote in presidential elections. Perhaps we should produce “The Next American President?” (Would make a good Saturday Night Live skit anyway...)

http://digg.com/television/Idol_Outshines_State_of_the_Union

'Idol' Outshines State of the Union

Coverage of the president's State of the Union Address blanketed the 9 p.m. hour among all the major networks, while "American Idol" at 8 p.m. earned a higher rating than all four network airings of the Address combined.

http://www.tvweek.com/news.cms?newsId=11446
